Lucene search

[email protected]CVE-2014-0144

HistorySep 29, 2022 - 3:15 a.m.

CVE-2014-0144

2022-09-2903:15:11

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-0144

qemu

memory corruptions

integer overflow

buffer overflow

remote code execution

nvd

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

QEMU before 2.0.0 block drivers for CLOOP, QCOW2 version 2 and various other image formats are vulnerable to potential memory corruptions, integer/buffer overflows or crash caused by missing input validations which could allow a remote user to execute arbitrary code on the host with the privileges of the QEMU process.

Affected configurations

NVD

Node

qemuqemuRange<2.0.0

Node

redhatvirtualizationMatch3.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.5

redhatenterprise_linux_openstack_platformMatch5

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.5

redhatenterprise_linux_server_tusMatch6.5

redhatenterprise_linux_workstationMatch6.0

CPENameOperatorVersion
qemu:qemuqemult2.0.0

CPE	Name	Operator	Version
qemu:qemu	qemu	lt	2.0.0

References

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=24342f2cae47d03911e346fe1e520b00dc2818e0

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=2d51c32c4b511db8bb9e58208f1e2c25e4c06c85

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=5dab2faddc8eaa1fb1abdbe2f502001fc13a1b21

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=63fa06dc978f3669dbfd9443b33cde9e2a7f4b41

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=6d4b9e55fc625514a38d27cff4b9933f617fa7dc

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=7b103b36d6ef3b11827c203d3a793bf7da50ecd6

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=97f1c45c6f456572e5b504b8614e4a69e23b8e3a

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=a1b3955c9415b1e767c130a2f59fee6aa28e575b

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=ce48f2f441ca98885267af6fd636a7cb804ee646

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=d65f97a82c4ed48374a764c769d4ba1ea9724e97

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=f56b9bc3ae20fc93815b34aa022be919941406ce

rhn.redhat.com/errata/RHSA-2014-0420.html

rhn.redhat.com/errata/RHSA-2014-0421.html

bugzilla.redhat.com/show_bug.cgi?id=1079240

www.vulnerabilitycenter.com/#%21vul=44767

Social References

8.6 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Related for CVE-2014-0144

prion1 nvd1 debiancve1 cvelist1 ubuntucve1 veracode7 redhat5 openvas16 nessus15 oraclelinux1 centos1 suse1 fedora1 securityvulns2 debian2 gentoo1 ubuntu1 mageia1